the final byte of a pkcs7 padded plaintext can never be 0

Submitted by: K S Sreeram <sreeram@tachyontech.net>
This commit is contained in:
Nils Larsch 2005-07-20 22:03:36 +00:00
parent 0066590f98
commit b554eef43b

View file

@ -449,7 +449,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
}
OPENSSL_assert(b <= sizeof ctx->final);
n=ctx->final[b-1];
if (n > (int)b)
if (n == 0 || n > (int)b)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
return(0);